web app security - Dueling auth-constraint elements

Hi, I have a doubt regarding Deuling <auth-constraint> elements. How does the container resolve access if one security-constraint, has empty <auth-constraint/> tag and the other constraint has <auth-constraint> <role-name>*</role-name> </auth-constraint>

Which one does it consider? Allow access to everybody or allow access to nobody.